cgi 0.1.0 → 0.3.6
- checksums.yaml +4 -4
- data/ext/cgi/escape/depend +0 -15
- data/ext/cgi/escape/escape.c +212 -155
- data/lib/cgi/cookie.rb +38 -17
- data/lib/cgi/core.rb +38 -26
- data/lib/cgi/html.rb +3 -3
- data/lib/cgi/session/pstore.rb +2 -15
- data/lib/cgi/session.rb +45 -17
- data/lib/cgi/util.rb +69 -40
- data/lib/cgi.rb +3 -2
- metadata +13 -19
- data/.gitignore +0 -12
- data/.travis.yml +0 -7
- data/Gemfile +0 -8
- data/Rakefile +0 -13
- data/bin/console +0 -7
- data/bin/setup +0 -6
- data/cgi.gemspec +0 -25
- data/lib/cgi/version.rb +0 -3
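--- a/data/lib/cgi/core.rb
+++ b/data/lib/cgi/core.rb
@@ -188,17 +188,28 @@ class CGI
 # Using #header with the HTML5 tag maker will create a <header> element.
 alias :header :http_header
 
+def _no_crlf_check(str)
+if str
+str = str.to_s
+raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
+str
+else
+nil
+end
+end
+private :_no_crlf_check
+
 def _header_for_string(content_type) #:nodoc:
 buf = ''.dup
 if nph?()
-buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
+buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
 buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
-buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
+buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
 buf << "Connection: close#{EOL}"
 end
-buf << "Content-Type: #{content_type}#{EOL}"
+buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
 if @output_cookies
-@output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
+@output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
 end
 return buf
 end # _header_for_string
@@ -213,9 +224,9 @@ class CGI
 ## NPH
 options.delete('nph') if defined?(MOD_RUBY)
 if options.delete('nph') || nph?()
-protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
+protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
 status = options.delete('status')
-status = HTTP_STATUS[status] || status || '200 OK'
+status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
 buf << "#{protocol} #{status}#{EOL}"
 buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
 options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
@@ -223,45 +234,45 @@ class CGI
 end
 ## common headers
 status = options.delete('status')
-buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
+buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
 server = options.delete('server')
-buf << "Server: #{server}#{EOL}" if server
+buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
 connection = options.delete('connection')
-buf << "Connection: #{connection}#{EOL}" if connection
+buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
 type = options.delete('type')
-buf << "Content-Type: #{type}#{EOL}" #if type
+buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
 length = options.delete('length')
-buf << "Content-Length: #{length}#{EOL}" if length
+buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
 language = options.delete('language')
-buf << "Content-Language: #{language}#{EOL}" if language
+buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
 expires = options.delete('expires')
 buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
 ## cookie
 if cookie = options.delete('cookie')
 case cookie
 when String, Cookie
-buf << "Set-Cookie: #{cookie}#{EOL}"
+buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
 when Array
 arr = cookie
-arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
+arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
 when Hash
 hash = cookie
-hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
+hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
 end
 end
 if @output_cookies
-@output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
+@output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
 end
 ## other headers
 options.each do |key, value|
-buf << "#{key}: #{value}#{EOL}"
+buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
 end
 return buf
 end # _header_for_hash
 private :_header_for_hash
 
 def nph? #:nodoc:
-return /IIS\/(\d+)
+return /IIS\/(\d+)/ =~ $CGI_ENV['SERVER_SOFTWARE'] && $1.to_i < 5
 end
 
 def _header_for_modruby(buf) #:nodoc:
@@ -375,14 +386,14 @@ class CGI
 
 # Parse an HTTP query string into a hash of key=>value pairs.
 #
-# params = CGI
+# params = CGI.parse("query_string")
 # # {"name1" => ["value1", "value2", ...],
 # # "name2" => ["value1", "value2", ...], ... }
 #
-def
+def self.parse(query)
 params = {}
 query.split(/[&;]/).each do |pairs|
-key, value = pairs.split('=',2).collect{|v| CGI
+key, value = pairs.split('=',2).collect{|v| CGI.unescape(v) }
 
 next unless key
 
@@ -544,11 +555,11 @@ class CGI
 /Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
 filename = $1 || $2 || ''.dup
 filename = CGI.unescape(filename) if unescape_filename?()
-body.instance_variable_set(:@original_filename, filename
+body.instance_variable_set(:@original_filename, filename)
 ## content type
 /Content-Type: (.*)/i.match(head)
 (content_type = $1 || ''.dup).chomp!
-body.instance_variable_set(:@content_type, content_type
+body.instance_variable_set(:@content_type, content_type)
 ## query parameter name
 /Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head)
 name = $1 || $2 || ''
@@ -607,6 +618,7 @@ class CGI
 end
 def unescape_filename? #:nodoc:
 user_agent = $CGI_ENV['HTTP_USER_AGENT']
+return false unless user_agent
 return /Mac/i.match(user_agent) && /Mozilla/i.match(user_agent) && !/MSIE/i.match(user_agent)
 end
 
@@ -648,7 +660,7 @@ class CGI
 # Reads query parameters in the @params field, and cookies into @cookies.
 def initialize_query()
 if ("POST" == env_table['REQUEST_METHOD']) and
-%r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"
+%r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?| =~ env_table['CONTENT_TYPE']
 current_max_multipart_length = @max_multipart_length.respond_to?(:call) ? @max_multipart_length.call : @max_multipart_length
 raise StandardError.new("too large multipart data.") if env_table['CONTENT_LENGTH'].to_i > current_max_multipart_length
 boundary = $1.dup
@@ -656,7 +668,7 @@ class CGI
 @params = read_multipart(boundary, Integer(env_table['CONTENT_LENGTH']))
 else
 @multipart = false
-@params = CGI
+@params = CGI.parse(
 case env_table['REQUEST_METHOD']
 when "GET", "HEAD"
 if defined?(MOD_RUBY)
@@ -686,7 +698,7 @@ class CGI
 end
 end
 
-@cookies = CGI::Cookie
+@cookies = CGI::Cookie.parse((env_table['HTTP_COOKIE'] or env_table['COOKIE']))
 end
 private :initialize_query
 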
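Review bot: `_no_crlf_check` rejects only CR and LF, and in the "other headers" loop of `_header_for_hash` it is the only validation applied to a caller-supplied field name, so a `key` containing `:`, spaces or other non-token characters still yields an ambiguous header line. If header names or values can be influenced by request data, consider also validating names against the HTTP token grammar and rejecting NUL in values. The helper is undocumented and raises a bare RuntimeError; I would add `# Returns str.to_s (nil for nil/false); raises if it contains CR or LF so a value cannot end its header line early.` above it and tag it `#:nodoc:` like its neighbours. The bodies of `_header_for_hash` and `initialize_query` start or continue outside the visible hunks.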
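--- a/data/lib/cgi/html.rb
+++ b/data/lib/cgi/html.rb
@@ -30,10 +30,10 @@ class CGI
 attributes.each do|name, value|
 next unless value
 s << " "
-s << CGI
+s << CGI.escapeHTML(name.to_s)
 if value != true
 s << '="'
-s << CGI
+s << CGI.escapeHTML(value.to_s)
 s << '"'
 end
 end
@@ -423,7 +423,7 @@ class CGI
 buf << super(attributes)
 
 if pretty
-CGI
+CGI.pretty(buf, pretty)
 else
 buf
 end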
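--- a/data/lib/cgi/session/pstore.rb
+++ b/data/lib/cgi/session/pstore.rb
@@ -44,21 +44,8 @@ class CGI
 # This session's PStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-path = dir+"/"+prefix+md5
-path.untaint
-if File::exist?(path)
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'suffix'=>''}.update(option)
+path, @hash = session.new_store_file(option)
 @p = ::PStore.new(path)
 @p.transaction do |p|
 File.chmod(0600, p.path)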
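--- a/data/lib/cgi/session.rb
+++ b/data/lib/cgi/session.rb
@@ -189,6 +189,47 @@ class CGI
 end
 private :create_new_id
 
+
+# Create a new file to store the session data.
+#
+# This file will be created if it does not exist, or opened if it
+# does.
+#
+# This path is generated under _tmpdir_ from _prefix_, the
+# digested session id, and _suffix_.
+#
+# +option+ is a hash of options for the initializer. The
+# following options are recognised:
+#
+# tmpdir:: the directory to use for storing the FileStore
+# file. Defaults to Dir::tmpdir (generally "/tmp"
+# on Unix systems).
+# prefix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to "cgi_sid_".
+# suffix:: the prefix to add to the session id when generating
+# the filename for this session's FileStore file.
+# Defaults to the empty string.
+def new_store_file(option={}) # :nodoc:
+dir = option['tmpdir'] || Dir::tmpdir
+prefix = option['prefix']
+suffix = option['suffix']
+require 'digest/md5'
+md5 = Digest::MD5.hexdigest(session_id)[0,16]
+path = dir+"/"
+path << prefix if prefix
+path << md5
+path << suffix if suffix
+if File::exist? path
+hash = nil
+elsif new_session
+hash = {}
+else
+raise NoSession, "uninitialized session"
+end
+return path, hash
+end
+
 # Create a new CGI::Session object for +request+.
 #
 # +request+ is an instance of the +CGI+ class (see cgi.rb).
@@ -373,21 +414,8 @@ class CGI
 # This session's FileStore file will be created if it does
 # not exist, or opened if it does.
 def initialize(session, option={})
-
-
-suffix = option['suffix'] || ''
-id = session.session_id
-require 'digest/md5'
-md5 = Digest::MD5.hexdigest(id)[0,16]
-@path = dir+"/"+prefix+md5+suffix
-if File::exist? @path
-@hash = nil
-else
-unless session.new_session
-raise CGI::Session::NoSession, "uninitialized session"
-end
-@hash = {}
-end
+option = {'prefix' => 'cgi_sid_'}.update(option)
+@path, @hash = session.new_store_file(option)
 end
 
 # Restore session state from the session's FileStore file.
@@ -403,7 +431,7 @@ class CGI
 for line in f
 line.chomp!
 k, v = line.split('=',2)
-@hash[CGI
+@hash[CGI.unescape(k)] = Marshal.restore(CGI.unescape(v))
 end
 ensure
 f&.close
@@ -421,7 +449,7 @@ class CGI
 lockf.flock File::LOCK_EX
 f = File.open(@path+".new", File::CREAT|File::TRUNC|File::WRONLY, 0600)
 for k,v in @hash
-f.printf "%s=%s\n", CGI
+f.printf "%s=%s\n", CGI.escape(k), CGI.escape(String(Marshal.dump(v)))
 end
 f.close
 File.rename @path+".new", @path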
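Review bot: `new_store_file` builds the store path by plain concatenation of `tmpdir`, `prefix`, the truncated MD5 of the session id and `suffix`, defaults to the shared `Dir::tmpdir`, and decides new-versus-existing with a separate `File::exist?` test, with no check of who owns a file that already exists. The hunk at -403 (apparently the FileStore restore path) then passes that file's contents to `Marshal.restore`, so the store directory is a trust boundary. I would state that in the doc comment, e.g. `# tmpdir should be writable only by the application user: existing files are trusted and unmarshalled.` The option docs also need correcting: the `suffix::` entry says "the prefix to add", and the "cgi_sid_" default for `prefix` is applied by the FileStore initializer rather than by this method, where `prefix` stays nil if the caller omits it.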
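--- a/data/lib/cgi/util.rb
+++ b/data/lib/cgi/util.rb
@@ -5,24 +5,57 @@ class CGI
 extend Util
 end
 module CGI::Util
-@@accept_charset=
-
-#
+@@accept_charset = Encoding::UTF_8 unless defined?(@@accept_charset)
+
+# URL-encode a string into application/x-www-form-urlencoded.
+# Space characters (+" "+) are encoded with plus signs (+"+"+)
+# url_encoded_string = CGI.escape("'Stop!' said Fred")
 # # => "%27Stop%21%27+said+Fred"
 def escape(string)
 encoding = string.encoding
-string.b
+buffer = string.b
+buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
 '%' + m.unpack('H2' * m.bytesize).join('%').upcase
-end
+end
+buffer.tr!(' ', '+')
+buffer.force_encoding(encoding)
 end
 
-# URL-decode
-# string = CGI
+# URL-decode an application/x-www-form-urlencoded string with encoding(optional).
+# string = CGI.unescape("%27Stop%21%27+said+Fred")
 # # => "'Stop!' said Fred"
-def unescape(string,encoding
-str=string.tr('+', ' ')
+def unescape(string, encoding = @@accept_charset)
+str = string.tr('+', ' ')
+str = str.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
+[m.delete('%')].pack('H*')
+end
+str.force_encoding(encoding)
+str.valid_encoding? ? str : str.force_encoding(string.encoding)
+end
+
+# URL-encode a string following RFC 3986
+# Space characters (+" "+) are encoded with (+"%20"+)
+# url_encoded_string = CGI.escape("'Stop!' said Fred")
+# # => "%27Stop%21%27%20said%20Fred"
+def escapeURIComponent(string)
+encoding = string.encoding
+buffer = string.b
+buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
+'%' + m.unpack('H2' * m.bytesize).join('%').upcase
+end
+buffer.force_encoding(encoding)
+end
+
+# URL-decode a string following RFC 3986 with encoding(optional).
+# string = CGI.unescape("%27Stop%21%27+said%20Fred")
+# # => "'Stop!'+said Fred"
+def unescapeURIComponent(string, encoding = @@accept_charset)
+str = string.b
+str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
 [m.delete('%')].pack('H*')
-end
+end
+str.force_encoding(encoding)
 str.valid_encoding? ? str : str.force_encoding(string.encoding)
 end
 
@@ -36,7 +69,7 @@ module CGI::Util
 }
 
 # Escape special characters in HTML, namely '&\"<>
-# CGI
+# CGI.escapeHTML('Usage: foo "bar" <baz>')
 # # => "Usage: foo "bar" <baz>"
 def escapeHTML(string)
 enc = string.encoding
@@ -49,9 +82,12 @@ module CGI::Util
 table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
 string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
 string.encode!(origenc) if origenc
-
+string
+else
+string = string.b
+string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+string.force_encoding(enc)
 end
-string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
 end
 
 begin
@@ -60,7 +96,7 @@ module CGI::Util
 end
 
 # Unescape a string that has been HTML-escaped
-# CGI
+# CGI.unescapeHTML("Usage: foo "bar" <baz>")
 # # => "Usage: foo \"bar\" <baz>"
 def unescapeHTML(string)
 enc = string.encoding
@@ -90,7 +126,8 @@ module CGI::Util
 when Encoding::ISO_8859_1; 256
 else 128
 end
-string.
+string = string.b
+string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
 match = $1.dup
 case match
 when 'apos' then "'"
@@ -116,12 +153,13 @@ module CGI::Util
 "&#{match};"
 end
 end
+string.force_encoding enc
 end
 
-# Synonym for CGI
+# Synonym for CGI.escapeHTML(str)
 alias escape_html escapeHTML
 
-# Synonym for CGI
+# Synonym for CGI.unescapeHTML(str)
 alias unescape_html unescapeHTML
 
 # Escape only the tags of certain HTML elements in +string+.
@@ -132,30 +170,30 @@ module CGI::Util
 # The attribute list of the open tag will also be escaped (for
 # instance, the double-quotes surrounding attribute values).
 #
-# print CGI
+# print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
 # # "<BR><A HREF="url"></A>"
 #
-# print CGI
+# print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
 # # "<BR><A HREF="url"></A>"
 def escapeElement(string, *elements)
 elements = elements[0] if elements[0].kind_of?(Array)
 unless elements.empty?
 string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
-CGI
+CGI.escapeHTML($&)
 end
 else
 string
 end
 end
 
-# Undo escaping such as that done by CGI
+# Undo escaping such as that done by CGI.escapeElement()
 #
-# print CGI
-# CGI
+# print CGI.unescapeElement(
+# CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
 # # "<BR><A HREF="url"></A>"
 #
-# print CGI
-# CGI
+# print CGI.unescapeElement(
+# CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
 # # "<BR><A HREF="url"></A>"
 def unescapeElement(string, *elements)
 elements = elements[0] if elements[0].kind_of?(Array)
@@ -168,27 +206,18 @@ module CGI::Util
 end
 end
 
-# Synonym for CGI
+# Synonym for CGI.escapeElement(str)
 alias escape_element escapeElement
 
-# Synonym for CGI
+# Synonym for CGI.unescapeElement(str)
 alias unescape_element unescapeElement
 
-# Abbreviated day-of-week names specified by RFC 822
-RFC822_DAYS = %w[ Sun Mon Tue Wed Thu Fri Sat ]
-
-# Abbreviated month names specified by RFC 822
-RFC822_MONTHS = %w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ]
-
 # Format a +Time+ object as a String using the format specified by RFC 1123.
 #
-# CGI
+# CGI.rfc1123_date(Time.now)
 # # Sat, 01 Jan 2000 00:00:00 GMT
 def rfc1123_date(time)
-
-return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT",
-RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year,
-t.hour, t.min, t.sec)
+time.getgm.strftime("%a, %d %b %Y %T GMT")
 end
 
 # Prettify (indent) an HTML string.
@@ -196,13 +225,13 @@ module CGI::Util
 # +string+ is the HTML string to indent. +shift+ is the indentation
 # unit to use; it defaults to two spaces.
 #
-# print CGI
+# print CGI.pretty("<HTML><BODY></BODY></HTML>")
 # # <HTML>
 # # <BODY>
 # # </BODY>
 # # </HTML>
 #
-# print CGI
+# print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")
 # # <HTML>
 # # <BODY>
 # # </BODY>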
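Review bot: The examples in the new doc comments for `escapeURIComponent` and `unescapeURIComponent` call `CGI.escape` and `CGI.unescape`, so the outputs shown do not match the calls; they should read `# url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")` and `# string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")`. Separately, `unescape` and `unescapeURIComponent` fall back to `str.force_encoding(string.encoding)` when the decoded bytes are not valid in `encoding`, and nothing visible re-checks validity after that fallback, so a caller may receive a string that still holds invalid byte sequences. A doc line saying that callers should test `valid_encoding?` before using the result in comparisons or filters would make that contract explicit.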
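--- a/data/lib/cgi.rb
+++ b/data/lib/cgi.rb
@@ -162,7 +162,7 @@
 # cgi.has_key?('field_name')
 # cgi.include?('field_name')
 #
-# CAUTION! cgi['field_name'] returned an Array with the old
+# CAUTION! <code>cgi['field_name']</code> returned an Array with the old
 # cgi.rb(included in Ruby 1.6)
 #
 # === Get form values as hash
@@ -253,7 +253,7 @@
 # end
 # end +
 # cgi.pre do
-# CGI
+# CGI.escapeHTML(
 # "params: #{cgi.params.inspect}\n" +
 # "cookies: #{cgi.cookies.inspect}\n" +
 # ENV.collect do |key, value|
@@ -288,6 +288,7 @@
 #
 
 class CGI
+VERSION = "0.3.6"
 end
 
 require 'cgi/core'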
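--- a/metadata
+++ b/metadata
@@ -1,31 +1,25 @@
 --- !ruby/object:Gem::Specification
 name: cgi
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.6
 platform: ruby
 authors:
--
-autorequire:
-bindir:
+- Yukihiro Matsumoto
+autorequire:
+bindir: bin
 cert_chain: []
-date:
+date: 2022-11-28 00:00:00.000000000 Z
 dependencies: []
 description: Support for the Common Gateway Interface protocol.
 email:
--
+- matz@ruby-lang.org
 executables: []
-extensions:
+extensions:
+- ext/cgi/escape/extconf.rb
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".travis.yml"
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- cgi.gemspec
 - ext/cgi/escape/depend
 - ext/cgi/escape/escape.c
 - ext/cgi/escape/extconf.rb
@@ -36,14 +30,14 @@ files:
 - lib/cgi/session.rb
 - lib/cgi/session/pstore.rb
 - lib/cgi/util.rb
-- lib/cgi/version.rb
 homepage: https://github.com/ruby/cgi
 licenses:
+- Ruby
 - BSD-2-Clause
 metadata:
 homepage_uri: https://github.com/ruby/cgi
 source_code_uri: https://github.com/ruby/cgi
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -51,15 +45,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
-signing_key:
+rubygems_version: 3.4.0.dev
+signing_key:
 specification_version: 4
 summary: Support for the Common Gateway Interface protocol.
 test_files: []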
data/.gitignore
DELETED
data/.travis.yml
DELETED
data/Gemfile
DELETED
data/Rakefile
DELETED
@@ -1,13 +0,0 @@
|
|
1
|
-
require "bundler/gem_tasks"
|
2
|
-
require "rake/testtask"
|
3
|
-
|
4
|
-
Rake::TestTask.new(:test) do |t|
|
5
|
-
t.libs << "test/lib"
|
6
|
-
t.ruby_opts << "-rhelper"
|
7
|
-
t.test_files = FileList['test/**/test_*.rb']
|
8
|
-
end
|
9
|
-
|
10
|
-
require 'rake/extensiontask'
|
11
|
-
Rake::ExtensionTask.new("cgi/escape")
|
12
|
-
|
13
|
-
task :default => :test
|